dnsmonster is Fenko’s passive DNS capture and indexing project. It captures DNS traffic from live network interfaces, PCAP files, and dnstap sources, then turns that stream into searchable DNS telemetry.
The open-source project is for teams that need to understand what their networks are resolving, spot unusual DNS behaviour, and retain useful DNS evidence without building the capture pipeline from scratch.
What it does
dnsmonster listens to DNS traffic, parses queries and responses, and writes structured records to storage backends that can be searched and analysed later.
It is useful for network visibility, incident response, threat hunting, malware analysis, and long-running DNS telemetry collection.
Where it fits
Use dnsmonster when you need passive DNS visibility from your own environment. That might mean capturing DNS from a sensor, replaying PCAP evidence after an incident, or ingesting dnstap output from DNS infrastructure.
The managed service work now lives at dnsmonster.dev. The open-source code lives under FenkoHQ/dnsmonster.